SYSTEM AND METHOD FOR PREVENTING 
DAMAGE TO MEDIA FILES WITHIN A 
DIGITAL CAMERA DEVICE 

CROSS-REFERENCE TO RELATED 
APPLICATIONS 

This application is a continuation of application Ser. No. 08/716,773 filed Sep. 24, 1996 entitled "System And Method For Preventing Damage To Media Files Within A Digital Camera Device"; now U.S. Pat. No. 5,935,259. This application is hereby incorporated by reference. This application also relates to co-pending U.S. patent application Ser. No. 08/666,241, entitled "System And Method For Using A Unified Memory Architecture To Implement A Digital Camera Device," filed on Jun. 20, 1996; and also to U.S. Pat. No. 5,790,878, entitled "System And Method For Recovering From A Power Failure Within A Digital Camera Device," issued on Aug. 4, 1998, both of which are hereby incorporated by reference.

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

This invention relates generally to digital cameras and 
more particularly to a system and method for preventing 
power failure damage to media files within a digital camera 
device. 

2. Description of the Background Art 

Modern photographic technology presently includes a 
variety of digital camera devices which capture image data 
by electronically scanning selected target objects. Digital 
camera devices often process and compress the captured 
image data before storing the processed image data into 
internal or external memory devices. These memory devices 
typically include various types of nonvolatile memory which 
are accessed in read/write operations that store and access 
captured image data. 

Protecting the captured image data during the memory 
access operations is an important consideration of both 
camera manufacturers and camera users. Camera designers 
must therefore anticipate the occurrence of any events which 
might endanger the integrity of the captured image data. 

A power failure during a memory read/write operation 
within a digital camera device is one example of an event 
which might seriously jeopardize image data. For example, 
the digital camera may be accessing a file, rewriting a file 
directory or rewriting a file allocation table at the time a 
power failure occurs. The intervening power failure may 
prevent the successful completion of the memory access 
operation and thus damage integrity of the image data. 

Further, a power failure may interrupt various camera memory functions which typically resume their respective tasks whenever power is restored to the digital camera. The interrupted functions, however, would be unaware that a power failure had intervened. The interrupted memory functions would thus be unaware of the hardware reset which results from reapplying power after the power failure. This confusion between the system software and hardware would potentially endanger camera operations. For the foregoing reasons, an improved system and method is needed for preventing damage to media files within a digital camera device according to the present invention.

SUMMARY OF THE INVENTION 

In accordance with the present invention, a system and method are disclosed for preventing damage to media files within a digital camera device. The preferred embodiment of the present invention includes a central processing unit, a powerfail counter, a removable memory driver, a first-level interrupt handler, various interrupt service routines, a power manager and a voltage sensor.

In the preferred embodiment, the first-level interrupt handler initially sets the powerfail counter to a value of zero. Various interrupt service routines (each corresponding to a specific camera function or operation) may register themselves with the first-level interrupt handler (which coordinates all interrupts within the digital camera) to receive notification of an intervening power failure. Alternately, each interrupt service routine may receive a unique interrupt directly, via some form of vector interrupt mechanism or by using a hard-coding methodology.

The power manager monitors the voltage sensor to detect a power failure within the digital camera. After detecting a power failure in which the camera operating power is less than a specified threshold value, the power manager generates a powerfail interrupt. The central processing unit responsively performs a powerfail powerdown sequence to preserve image data contained within the digital camera at the time of the intervening power failure. The power manager removes operating power from all non-critical subsystems and switches the critical subsystems to a backup power supply. The central processing unit and the camera's volatile memory are thus maintained in a static low-power mode, with all states preserved intact.

After the power failure is remedied, the central processing unit performs a restart sequence to preserve any stored image data and to return the digital camera to a normal operational mode. In the preferred embodiment, the first-level interrupt handler increments the powerfail counter to record the intervening power failure. The first level interrupt handler then notifies the registered interrupt service routines about the power failure restart and corresponding hardware reset.

In alternate embodiments, the interrupt service routines may operate in cooperation with various other system routines. These cooperating routines thus may form various hierarchical networks which operate in synchronous or asynchronous modes. For example, a particular interrupt service routine may function in response to a device driver. The device driver, in turn, may function in response to an application program. In such cases, the interrupt service routines typically propagate their received power failure notification to any related routines in the network which require notification of the power failure restart.

In the normal operational mode, the digital camera periodically performs a memory access operation which requires successful completion. To ensure that a memory access operation is completed without an intervening power failure, the removable memory driver preferably reads the powerfail counter prior to performing a memory access operation to obtain a pre-operation value. After performing the memory access operation, the removable memory driver again reads the powerfail counter to obtain a post-operation value. The removable memory driver then compares the pre-operation value and the post-operation value, and repeats the memory access operation if the pre-operation value and the post-operation value are different. The present invention thus preserves the integrity of captured image data and effectively prevents damage to media files in the digital camera device.
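The pre-operation/post-operation counter comparison described above, as an added C example that is not code from the patent. The function names (`flih_init`, `driver_write`, `inject_powerfail` and the rest), the one-sector `media` array and the one-shot fault injector that stands in for a real power failure are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE  16
#define MAX_ISRS     4
#define MAX_ATTEMPTS 5

typedef void (*restart_isr)(void);

static volatile unsigned powerfail_counter;  /* models the powerfail counter */
static restart_isr isrs[MAX_ISRS];           /* ISRs registered with the FLIH */
static int isr_count;
static int isr_notifications;                /* times media_isr was signalled */
static unsigned char media[SECTOR_SIZE];     /* one sector of removable memory */
static int fail_at_byte = -1;                /* fault injector, -1 = disabled */

/* First-level interrupt handler: zero the counter at power-on. */
void flih_init(void) {
    powerfail_counter = 0;
    isr_count = 0;
    isr_notifications = 0;
}

/* An ISR asks to be told about power failure restarts. */
int flih_register(restart_isr isr) {
    if (isr_count == MAX_ISRS) return -1;
    isrs[isr_count++] = isr;
    return 0;
}

/* Restart after a power failure: record it, then notify registered ISRs. */
void flih_power_restart(void) {
    powerfail_counter++;
    for (int i = 0; i < isr_count; i++) isrs[i]();
}

void media_isr(void) { isr_notifications++; }

/* Hypothetical test hook: simulate a power failure at the given byte offset. */
void inject_powerfail(int at_byte) { fail_at_byte = at_byte; }

/* Raw transfer with no protection. When the injected failure fires, the
 * hardware is reset mid-transfer and the routine resumes and returns as if
 * nothing had happened, leaving a torn sector behind. */
void media_write(const unsigned char *src, size_t len) {
    for (size_t i = 0; i < len; i++) {
        if (fail_at_byte >= 0 && i == (size_t)fail_at_byte) {
            fail_at_byte = -1;       /* one-shot fault */
            flih_power_restart();    /* powerdown, battery swap, resume */
            return;                  /* remaining bytes never reach the media */
        }
        media[i] = src[i];
    }
}

/* Removable memory driver: read the counter before and after the access and
 * repeat the access if the two values differ. Repeating is safe here because
 * the write is idempotent (same bytes to the same sector).
 * Returns the number of attempts used, or -1 on bad length or too many retries. */
int driver_write(const unsigned char *src, size_t len) {
    if (len > SECTOR_SIZE) return -1;
    for (int attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
        unsigned pre = powerfail_counter;    /* pre-operation value */
        media_write(src, len);
        unsigned post = powerfail_counter;   /* post-operation value */
        if (pre == post) return attempt;     /* no failure intervened */
    }
    return -1;
}

int media_matches(const unsigned char *src, size_t len) {
    return len <= SECTOR_SIZE && memcmp(media, src, len) == 0;
}

int main(void) {
    const unsigned char img[] = "JPEGDATA";  /* constructed sample payload */
    flih_init();
    flih_register(media_isr);
    inject_powerfail(3);                     /* fail after 3 bytes are written */
    int attempts = driver_write(img, sizeof img);
    printf("attempts=%d counter=%u intact=%d notified=%d\n", attempts,
           powerfail_counter, media_matches(img, sizeof img), isr_notifications);
    return 0;
}
```

The bound on retries (`MAX_ATTEMPTS`) is an addition of this example; the text above only states that the access is repeated when the two counter values differ.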

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram of a digital camera according to the present invention;

FIG. 2 is a block diagram of the preferred embodiment for the imaging device of FIG. 1;

FIG. 3 is a block diagram of the preferred embodiment for the computer of FIG. 1;

FIG. 4 is a block diagram showing the preferred embodiment of the Read-Only Memory of FIG. 3;

FIG. 5 is a block diagram showing the preferred embodiment of the Dynamic Random-Access Memory of FIG. 3;

FIG. 6 is a flowchart of preferred general method steps for recovering from a power failure according to the present invention;

FIG. 7 is a flowchart of preferred method steps for performing a powerfail powerdown sequence according to the present invention;

FIG. 8 is a flowchart of preferred method steps for performing a resume/restart sequence according to the present invention; and

FIG. 9 is a flowchart of preferred method steps for preventing power failure damage to memory files according to the present invention.

DETAILED DESCRIPTION OF THE
PREFERRED EMBODIMENT

The present invention discloses a system and method for preventing damage to media files within a digital camera device and comprises a power manager for detecting power failures, an interrupt handler for responsively incrementing a counter device and a removable memory driver for performing memory access operations, evaluating the counter device to determine whether a power failure has occurred during the memory access operation and for repeating the memory access operation whenever a power failure has occurred during the memory access operation.

Referring now to FIG. 1, a block diagram of a camera 110 is shown according to the present invention. Camera 110 preferably comprises an imaging device 114, a system bus 116 and a computer 118. Imaging device 114 is optically coupled to an object 112 and electrically coupled via system bus 116 to computer 118. Once a photographer has focused imaging device 114 on object 112 and, using a capture button or some other means, instructed camera 110 to capture an image of object 112, computer 118 commands imaging device 114 via system bus 116 to capture raw image data representing object 112. The captured raw image data is transferred over system bus 116 to computer 118 which performs various image processing functions on the image data before storing it in its internal memory. System bus 116 also passes various status and control signals between imaging device 114 and computer 118.

Referring now to FIG. 2, a block diagram of the preferred embodiment of imaging device 114 is shown. Imaging device 114 preferably comprises a lens 220 having an iris, a filter 222, an image sensor 224, a timing generator 226, an analog signal processor (ASP) 228, an analog-to-digital (A/D) converter 230, an interface 232, and one or more motors 234.

U.S. Pat. No. 5,496,106, entitled "A System and Method For Generating a Contrast Overlay as a Focus Assist for an Imaging Device," issued on Mar. 5, 1966, is incorporated herein by reference, and provides a detailed discussion of the preferred elements of imaging device 114. Briefly, imaging device 114 captures an image of object 112 via reflected light impacting image sensor 224 along optical path 236. Image sensor 224 responsively generates a set of raw image data representing the captured image 112. The raw image data is then routed through ASP 228, A/D converter 230 and interface 232. Interface 232 has outputs for controlling ASP 228, motors 234 and timing generator 226. From interface 232, the raw image data passes over system bus 116 to computer 118.

Referring now to FIG. 3, a block diagram of the preferred embodiment for computer 118 is shown. System bus 116 provides connection paths between imaging device 114, power manager 342, central processing unit (CPU) 344, dynamic random-access memory (DRAM) 346, input/output interface (I/O) 348, read-only memory (ROM) 350, and connector 352. In the preferred embodiment, removable memory 354 may also connect to system bus 116 via connector 352.

Power manager 342 communicates via line 366 with power supply 356 and coordinates power management operations for camera 110 as discussed below in conjunction with FIGS. [illegible]. CPU 344 typically includes a conventional processor device for controlling the operation of camera 110. In the preferred embodiment, CPU 344 is capable of concurrently running multiple software routines to control the various processes of camera 110 within a multi-threading environment. DRAM 346 is a contiguous block of dynamic memory which may be selectively allocated to various storage functions by computer 118. DRAM 346 includes a powerfail counter 347 which is incremented each time a power failure occurs in power supply 356. DRAM 346 and powerfail counter 347 are further discussed below in conjunction with FIGS. 5-9.

I/O 348 is an interface device allowing communications to and from computer 118. For example, I/O 348 permits an external host computer (not shown) to connect to and communicate with computer 118. I/O 348 also permits a camera 110 user to communicate with camera 110 via a set of externally-mounted user controls and via an external LCD display panel. ROM 350 typically comprises a conventional nonvolatile read-only memory which stores a set of computer-readable program instructions to control the operation of camera 110. ROM 350 is further discussed below in conjunction with FIG. 4. Removable memory 354 serves as an additional image data storage area and is preferably a non-volatile device, readily removable and replaceable by a camera 110 user via connector 352. Thus, a user who possesses several removable memories 354 may replace a full removable memory 354 with an empty removable memory 354 to effectively expand the picture-taking capacity of camera 110. In the preferred embodiment of the present invention, removable memory 354 is typically implemented using a flash disk.

Power supply 356 supplies operating power to the various components of camera 110. In the preferred embodiment, power supply 356 provides operating power to a main power bus 362 and also to a secondary power bus 364. The main power bus 362 provides power to imaging device 114, I/O 348, ROM 350 and removable memory 354. The secondary power bus 364 provides power to power manager 342, CPU 344 and DRAM 346.

Power supply 356 is connected to main batteries 358 and also to backup batteries 360. In the preferred embodiment, a camera 110 user may also connect power supply 356 to an external power source. During normal operation of power supply 356, the main batteries 358 provide operating power to power supply 356 which then provides the operating power to camera 110 via both main power bus 362 and secondary power bus 364.

During a power failure mode in which the main batteries 358 have failed (when their output voltage has fallen below a minimum operational voltage level) the backup batteries 360 provide operating power to power supply 356 which then provides the operating power only to the secondary power bus 364 of camera 110. Selected components of camera 110 (including DRAM 346) are thus protected against a power failure in the main batteries 358.

Power supply 356 preferably also includes a flywheel capacitor connected to the power line coming from the main batteries 358. If the main batteries 358 suddenly fail, the flywheel capacitor temporarily maintains the voltage from the main batteries 358 at a sufficient level, so that computer 118 can protect any image data currently being processed by camera 110 before shutdown occurs.

Voltage sensor 359 detects the voltage supplied by main batteries 358 and responsively provides the detected voltage reading to power manager 342. The operation of power manager 342, power supply 356 and voltage sensor 359 are further discussed below in conjunction with FIGS. 6-8.

Referring now to FIG. 4, a memory map showing the preferred embodiment of read-only memory (ROM) 350 is shown. In the preferred embodiment, ROM 350 includes control application 400, toolbox 402, drivers 404, kernel 406 and system configuration 408. Control application 400 comprises program instructions for controlling and coordinating the various functions of camera 110. Toolbox 402 contains selected function modules including memory manager 410 which is controlled by control application 400 and responsively allocates DRAM 346 storage locations depending upon the needs of computer 118 and the sets of received image data.

Drivers 404 control various components of camera 110 and include removable memory driver 411, a first level interrupt handler (FLIH) 412 and various interrupt service routines (ISRs) 414. In the preferred embodiment, removable memory driver 411 is a routine which controls and coordinates the operation of removable memory 354. Removable memory driver 411 is further discussed below in conjunction with FIG. 9. FLIH 412 is preferably a software routine which coordinates all interrupts within camera 110. FLIH 412 typically handles ordinary non-critical interrupts and also handles non-maskable critical interrupts such as a power failure in main batteries 358. FLIH 412 preferably communicates with the various ISRs 414 which are each designed to handle a specific corresponding interrupt within camera 110. FLIH 412 notifies the appropriate ISRs 414 via a "signal" when the interrupts occur. A signal is a mechanism used by multi-tasking operating systems for inter-process communications and synchronization.

For example, a camera 110 user may request zoom motor 234 to perform a zoom operation using lens 220. When the requested zoom process is complete, an interrupt is generated to indicate that zoom motor 234 and lens 220 have reached their destination positions. The particular ISR 414 which corresponds to the foregoing zoom process then responsively handles the generated interrupt and provides a status update to higher-level routines, if necessary. In the preferred embodiment, kernel 406 provides a range of basic underlying services for the camera 110 operating system. System configuration 408 performs initial start-up routines for camera 110, including the boot routine and initial system diagnostics.

Referring now to FIG. 5, a memory map showing the preferred embodiment of dynamic random-access memory (DRAM) 346 is shown. In the preferred embodiment, DRAM 346 includes working memory 530, RAM disk 532 and system area 534. Working memory 530 includes a powerfail counter 347, frame buffers 536 (for initially storing sets of raw image data received from imaging device 114), image processing (IP) buffers 538 (for temporarily storing image data during the image processing and compression 420 process), and Pfail CountL 540. In the preferred embodiment, powerfail counter 347 stores a value which first-level interrupt handler 412 preferably increments each time voltage sensor 359 detects a power failure in main batteries 358. Pfail CountL 540 may selectively be used to store a local copy of the current value of powerfail counter 347, according to the present invention. Powerfail counter 347 and Pfail CountL 540 are further discussed below in conjunction with FIGS. 6-9. Working memory 530 may also include stacks, data structures and variables used by CPU 344 while executing the software routines used within computer 118.

RAM disk 532 is a memory area used for storing raw and compressed image data and typically is organized in a "sectored" format similar to that of conventional hard disk drives. In the preferred embodiment, RAM disk 532 uses a well-known and standardized file system to permit external host computer systems, via I/O 348, to readily recognize and access the data stored on RAM disk 532. System area 534 typically stores data regarding system errors (for example, why a system shutdown occurred) for use by CPU 344 upon a restart of computer 118.

Referring now to FIG. 6, a flowchart of preferred general method steps for recovering from a power failure is shown. Initially, a user applies 640 power to camera 110 by installing main batteries 358 and backup batteries 360, and then activating an externally-mounted power on-off switch. First-level interrupt handler (FLIH) 412 then sets 642 powerfail counter 347 to a value of zero. Next, various interrupt service routines 414 register 644 with the first level interrupt handler 412 to request notification in the event of a power failure in main batteries 358.

CPU 344 then runs 646 control application 400 to operate camera 110 in normal operation mode which captures, processes, compresses and stores sequential sets of image data. In normal operation mode, CPU 344 periodically requests the execution of various critical processes. In the preferred embodiment, CPU 344 repeatedly checks powerfail counter 347 to determine whether a critical process has been interrupted by an intervening power failure. This process of using powerfail counter 347 to ensure the successful execution of critical processes is further discussed below in conjunction with FIG. 9.

Next, voltage sensor 359 senses 648 the voltage level of main batteries 358 and provides power manager 342 with the sensed voltage level. Power manager 342 then determines 650 whether the voltage level of main batteries 358 is greater than a predetermined threshold voltage level. The threshold value is typically selected to be incrementally higher than the minimum operating voltage (to permit orderly shutdown of the camera 110 processes). If the voltage of main batteries 358 is greater than the selected threshold value, then the FIG. 6 process repeats the steps 646, 648 and 650.

However, if the voltage of main batteries 358 is not greater 650 than the predetermined threshold value, then power manager 342 generates 652 a powerfail interrupt. In the preferred embodiment, the powerfail interrupt may be disabled in rare cases in which a sequence of CPU 344 instructions must never be interrupted by a power failure. Any disabling of the powerfail interrupt, however, is restricted to a very short period of time. Next, CPU 344



US 6,263,453 B1

receives the generated powerfail interrupt and responsively performs 654 a powerfail powerdown sequence to protect the image data currently within camera 110. The powerfail powerdown sequence is further discussed below in conjunction with FIG. 7.

The camera 110 user may then replace 655 the main batteries 358 and activate the camera 110 power on/off switch. CPU 344 then performs 656 a restart/resume sequence to bring camera 110 back to normal operating mode while also preserving any existing image data. FLIH 412 then increments 658 powerfail counter 347 to indicate the occurrence of a power failure in main batteries 358. Alternately, powerfail counter 347 may be a hardware register which is incremented in power manager 342.

The first level interrupt handler 412 then notifies 660 any registered interrupt service routines 414 about the power failure restart so that the interrupt service routines 414 are aware that their corresponding hardware components have been reset by the power failure and the subsequent camera 110 powerup. The power failure notification allows the registered interrupt service routines 414 to run depending upon their relative task priority. Typically, this notification is accomplished through the use of a signal or semaphore which wakes up the interrupt service routine.

In alternate embodiments, the interrupt service routines may operate in cooperation with various other system routines. These cooperating routines thus may form various hierarchical networks which operate in synchronous or asynchronous modes. For example, a particular interrupt service routine may function in response to a device driver. The device driver, in turn, may function in response to an application program. In such cases, the interrupt service routines typically propagate their received power failure notification to any related routines in the network which require notification of the power failure restart. Finally, the FIG. 6 process then returns to step 646 and CPU 344 runs control application 400 to operate camera 110 in normal operation mode, as discussed above.

Referring now to FIG. 7, a flowchart of preferred method steps for performing a powerfail powerdown sequence according to the present invention is shown. Initially, power manager 342 sets 710 a PFAIL bit which records the occurrence of a power failure so that computer 118 software routines may subsequently access this information when needed. Next, power manager 342 turns off 712 all non-critical subsystems. Power manager 342 then signals 714 CPU 344 with an interrupt and CPU 344 responsively stops 716 the current process.

Next, CPU 344 sets 718 the RESUME bit in power manager 342 to indicate that CPU 344 should not be reset in a subsequent powerup of camera 110. CPU 344 then forces 720 a full refresh of DRAM 346 and then forces 722 DRAM 346 into a self-refresh mode. Next, CPU 344 signals 724 power manager 342 to shut down and then CPU 344 halts 726 operation. After halting, CPU 344 still receives operating power from backup batteries 360 and is essentially stopped "in place." In this static mode, system bus 116 is in a tri-state condition and the CPU 344 clock is stopped. All CPU 344 states, however, are still intact (for example, the registers, program counter, cache and stack are preserved intact) and image data in DRAM 346 is also preserved intact. Next, power manager 342 removes 728 operating power from main power bus 362. The FIG. 7 powerfail powerdown sequence is then complete.

Referring now to FIG. 8, a flowchart of preferred method steps for performing a restart/resume sequence according to the present invention is shown. Initially, CPU 344 waits 828 for a "wake up" signal which is typically generated in response to the activation of a camera 110 power on-off switch. After the "wake up" signal is generated, power manager 342 determines 830 whether power supply 356 is generating enough operating power to start camera 110. If sufficient operating power is present, power manager 342 starts 832 power supply 356 in normal mode with the main batteries 358 providing operating power to power supply 356 which then responsively provides the operating power to main power bus 362 and also to secondary power bus 364. Next, power manager 342 determines 834 whether the generated operating power is maintaining a sufficient voltage level.

If operating power is sufficient in camera 110, power manager 342 then determines 836 whether a RESUME bit has been set in power manager 342. In the preferred embodiment, CPU 344 sets the RESUME bit in response to a power failure in order to indicate that CPU 344 should not be reset in a subsequent powerup of camera 110. If the RESUME bit has been set, power manager 342 restarts 838 the CPU 344 which responsively resumes 840 normal operation of DRAM 346 and then resumes 842 the camera 110 process which was interrupted by the intervening power failure.

If the RESUME bit has not been set, then power manager 342 restarts 844 the CPU 344 and issues 846 a CPU 344 reset. CPU 344 then resumes 848 normal operation of DRAM 346 and boots 850 the computer 110 system using the system configuration 408 routine. Next, CPU 344 determines 852 whether a MSAVE bit has been set in power manager 342. In the preferred embodiment, CPU 344 sets the MSAVE bit to specify that RAM disk 532 contains image data that should be saved upon restart of computer 118. If the MSAVE bit has not been set, computer 118 formats 854 a new RAM disk 532. CPU 344 then runs 858 control application 400 for normal operation of camera 110. In step 852, if the MSAVE bit has been set, then CPU 344 recovers and mounts 856 RAM disk 532. CPU 344 then runs 858 control application 400 for normal operation of camera 110. The restart/resume process of FIG. 8 then ends.

Referring now to FIG. 9, a flowchart of preferred method steps for preventing power failure damage to the contents of removable memory 354 is shown. This FIG. 9 process may also be applied to selected other camera 110 processes or operations whose successful completion would be seriously impaired by an intervening power failure.

Initially, removable memory driver 411 reads 956 the contents of powerfail counter 347 to obtain a current PFCount value. Next, removable memory driver 411 saves 958 a local copy of the current PFCount value into Pfail CountL 540 within working memory 530. Then, removable memory driver 411 obtains and decodes 960 any existing requests to perform a function related to removable memory 411. Next, removable memory driver 411 determines 962 whether the requested driver 411 function requires accessing removable memory 354 to perform a memory input/output function, such as a read/write operation.

If the requested memory function does not require an access of removable memory 354, then removable memory driver 411 performs 964 these non-read/write functions and the FIG. 9 process ends. However, if the requested memory function involves an input/output operation to move information to or from removable memory 354, then removable memory driver 411 performs 966 the read/write operation(s) as requested. These operations typically include the comple-



